CVE-2015-8628
5.3
MEDIUM
CVSS 3.1
EPSS 0.43%
Description
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
How to fix CVE-2015-8628
To remediate CVE-2015-8628, upgrade the affected package to a fixed version below.
- —upgrade to 1:1.25.5-1 or later
Is CVE-2015-8628 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.25.5-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |